permit RIP without enabling it thru ASA 5510

ksvy_ksvy
Level 1

Is it possible to permit RIP through a 5510, using 7.2(10)2, without enabling RIP?

Marwan ALshawi
VIP Alumni

In your case you need to run the ASA in transparent mode.

In this case the ASA will work as a layer two device and will not participate in any layer three addressing, and you can put it between two devices in the same IP addressing subnet.

For example, if you have PC >> ASA transparent mode >> router

the PC default gateway will be the router.

So if you have

Router with RIP >> ASA transparent mode >> router with RIP

those two routers can communicate as in the same network, as if they were connected to a switch.

However, you need to permit the traffic through the ASA.

Just permit IP traffic for RIP and multicasting for RIP updates and that's it.

Have a look at the following link:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a008089f467.shtml

good luck

if helpful rate

Farrukh Haroon
VIP Alumni
In transparent mode you can do this for sure. As in the 'Layer 2' mode of the firewall.

In the routed mode, you can make a GRE tunnel between the two devices and run inside it. You will then allow this GRE through the ASA.

Regards

Farrukh

Hi Farrukh

It sounds like we overlapped here :)

Anyway, this is 3 points for the GRE

Lolz OK. I think you posted while I was typing mine :)

Regards

Farrukh

ksvy_ksvy
Level 1

OK, works in transparent mode, and will need a GRE tunnel to go through routed mode... routed mode is required for the site where the 5510 is going to.

One more favor; need a white page for setting up a GRE tunnel for this purpose.

thanks, kevin

I could only find one link for GRE on the DOC-CD, which is a little different from your requirement:

http://www.cisco.com/en/US/tech/tk86/tk89/technologies_configuration_example09186a008011520d.shtml

There is one with GRE OVER IPSEC:

http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a008023ce5b.shtml

Regards

Farrukh

The link you sent is to allow L2TP or PPTP through the firewall. It has no direct relation to this discussion. If you want to permit GRE then you can use a similar ACL as the link, as PPTP also uses GRE. But other than that, this link is not what you are looking for.

Regards

Farrukh

Right, but it's the only reference to a GRE ACL for an ASA that I could find.

I'm not so sure a GRE tunnel for IOS routers is what would work either.

thanks, Kevin

This link is for router-to-router GRE over IPsec.

If you want only GRE, ignore the IPsec configs.

http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a008023ce5b.shtml

And the following one contains lots of GRE config links:

http://www.cisco.com/en/US/tech/tk827/tk369/tk287/tsd_technology_support_sub-protocol_home.html

good luck

if helpful Rate
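
Added example, not from any poster in this thread or from the linked Cisco documents: a configuration sketch of the two approaches discussed above for ASA 7.2, assuming RIPv2, no NAT, and placeholder addresses, interface names and ACL names. The permits are pinned to the two router addresses rather than `any`, so only the known peers can pass routing updates or GRE through the firewall.

```cisco
! Constructed example. Addresses are documentation placeholders;
! interface names and ACL names are assumptions.
!
! ---- Option A: transparent mode, RIPv2 between R1 (outside) and R2 (inside) ----
! R1 = 192.0.2.1, R2 = 192.0.2.2, both in the same subnet
firewall transparent
!
interface Ethernet0/0
 nameif outside
 security-level 0
 no shutdown
!
interface Ethernet0/1
 nameif inside
 security-level 100
 no shutdown
!
! Management address of the ASA itself, in the same subnet as R1 and R2
ip address 192.0.2.10 255.255.255.0
!
! RIPv2 updates go to multicast 224.0.0.9 on UDP 520 (keyword "rip");
! replies to requests are unicast between the two peers
access-list OUTSIDE-IN extended permit udp host 192.0.2.1 host 224.0.0.9 eq rip
access-list OUTSIDE-IN extended permit udp host 192.0.2.1 host 192.0.2.2 eq rip
access-list INSIDE-IN extended permit udp host 192.0.2.2 host 224.0.0.9 eq rip
access-list INSIDE-IN extended permit udp host 192.0.2.2 host 192.0.2.1 eq rip
!
! An ACL applied to inside ends in an implicit deny: add permits to
! INSIDE-IN for any other traffic that inside hosts must send
access-group OUTSIDE-IN in interface outside
access-group INSIDE-IN in interface inside
!
! ---- Option B: routed mode, RIP carried inside a GRE tunnel between two routers ----
! 198.51.100.1 = tunnel endpoint on the outside, 203.0.113.1 = tunnel endpoint on the inside
! Inside-to-outside GRE is allowed by the security levels while no ACL is applied to inside
access-list OUTSIDE-IN extended permit gre host 198.51.100.1 host 203.0.113.1
access-group OUTSIDE-IN in interface outside
```

In Option B the ASA only sees GRE between the two tunnel endpoints; RIP runs on the routers' tunnel interfaces and is never inspected or filtered by the firewall, so route filtering has to be done on the routers.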
